Eliminate attack paths
with BloodHound Enterprise & TEAL
Attack Paths are nothing new
Identity-based attack paths have been common for a long time. They are chains of abusable privileges and user behaviors that establish direct and indirect connections between computers and users.
Attack Path Management (APM) is a unique methodology that helps organizations understand attack path risks, empirically quantify their impact, and eliminate them. The primary goal of APM is to directly solve the attack path problem, which is a known issue in the Microsoft Active Directory and Azure Active Directory ecosystem. These platforms are the most lucrative targets for attackers because taking control of them gives an attacker complete control over all users, systems and data in an organization: your company.
In early 2022, we partnered with SpecterOps as their European partner for BloodHound Enterprise deployments. BloodHound Enterprise is an Attack Path Management solution that constantly maps and quantifies Active Directory attack paths. You can remove millions or even billions of attack paths within your existing IT architecture and eliminate attacker techniques.
TEAL is happy to support you with the integration of BloodHound Enterprise.
Contact us for a first consultation to reduce your attack path risk!
Attack Path
The problems
of customers
Attackers have been exploiting Active Directory attack paths to achieve their goals for years, and for good reason. Active Directory is:
... the foundation of most IT infrastructures
Although taking control of AD is not usually the attacker's end goal (stealing, encrypting or deleting data), most enterprise applications, services, identities and critical operations are built on top of AD.
... omnipresent
Active Directory is used by almost every organization. This allows attackers to use the same paths and tools as often as they like to attack a variety of organizations.
... powerful
Attackers use the same administrative functions that make Active Directory so useful to enterprises to achieve their goal without the use of exploits.
The solution
with BloodHound Enterprise
Continuous mapping of attack paths
The network, user privileges, application permissions, and group memberships are constantly changing to meet new business needs. On every system a registered user logs in to, they leave digital footprints that an attacker can potentially read. As the environment is constantly changing, the attack paths available to an attacker are also constantly changing and must be continuously captured and mapped. BloodHound Enterprise...
- ... maps every relationship and connection
- ... shows the actual permissions
- ... uncovers new and previously hidden attack paths
Prioritization of attack path choke points
Indiscriminate elimination of AD misconfigurations does not significantly improve the security level and additionally has a negative impact on the productivity and morale of the Active Directory team. However, if it is possible to empirically find the misconfigurations whose elimination will eliminate the most attack paths, a significant increase in the security level can be achieved in a much shorter period of time. BloodHound Enterprise...
- ... measures the influence of each point in an attack path
- ... identifies the optimal locations to eliminate the greatest number of attack paths
- ... sorts these key points in order of greatest impact
- ... minimizes the effort required to fix misconfigurations
Practical and detailed instructions on how to eliminate the misconfigurations
Generic, impractical, or overly complicated remedies do not provide any benefit. They can even lead to failures if implemented without fully understanding the implications. Meaningful guidance must be written with knowledge of the effective privileges of users, as well as the resulting attack paths, and with clear, unambiguous language. BloodHound Enterprise…
- ... can provide practical workarounds without making drastic changes to the AD
- ... provides precise and comprehensive instructions to eliminate attack paths
- ... provides assistance to verify that the privileges to be removed are indeed not needed
Continuous measurement of the security level
In order to permanently improve one's security level, one must be able to identify the current level and then continuously measure the change in the level. Often, security products lack the ability to empirically measure the entire system, so they are unable to perform a true risk assessment. Active Directory, while a complicated and dynamic system, is a closed system that allows for continuous and comprehensive measurement of attack path risk. BloodHound Enterprise...
- ... instantly creates a baseline from the Active Directory, identifies each attack path and the risk from each node on the path
- ... continuously measures when changes are made to the Active Directory and reassesses the risk
- ... recognizes significant improvements in security posture achieved by eliminating choke points
BloodHound Enterprise information breakdown
Objective
Delivery
Data Collection
Analytics
Trend Reporting
Target User
Support
Data Reconciliation
Remediations
Search
Webinar
on the topic BloodHound Enterprise
Why
with us
Andy Robbins, Rohan Vazarkar and Will Schroeder of SpecterOps.io developed the free and open-source BloodHound (BloodHound FOSS, or BloodHound Community Edition) in 2016 to enable penetration testers and red teamers to visualize enterprise attacker risk and to help defenders prepare for impending attacks. Since then, BloodHound has been used by attackers and defenders alike to identify and analyze attack paths in Active Directory environments in the field.
While BloodHound Community Edition is designed to identify attack avenues that can be exploited, the team's vision was to develop BloodHound Enterprise to continuously and comprehensively manage all attack risks in real time.
In early 2022, we partnered with SpecterOps as their European partner for BloodHound Enterprise deployments.
We are your Trusted Advisor in all matters relating to information security.
We pass on our accumulated experience and know-how in Microsoft infrastructure and Active Directory security through customer-specific project implementations, and we also act as a provider of special solutions. Our goal is to continuously increase security in corporate environments and to support you with highly efficient solutions as a full managed service provider.
BloodHound Enterprise
Your advantages at a glance
Unparalleled visibility into Active Directory
Measurably improved security posture
Elimination of "emergency solutions"
Improving the availability of directory services
Your contact person at TEAL
Fabian Böhm – IT-Consultant